1 <?php
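// Access gate: an anonymous request is only let through when it addresses a file by hash (?f=<hash>).
// empty() is used for 'f' (instead of isset()) because every later check in this script tests the
// truthiness of $_GET['f']; with isset(), an anonymous "?f=" passed the gate and then fell through
// to the non-download code paths below. empty() also avoids the undefined-index notice when no
// session data exists.
// NOTE(review): session_start() is not called in this file; presumably an including script does it. Confirm.
if (empty($_SESSION['creds']['validated']) && empty($_GET['f'])) {
        exit();
}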
4
5 require_once("squasher.class.php");
6
// Backend object for the upload area; the class is loaded from squasher.class.php above.
$squashweb = new squashweb();
$squashweb->update_history();

// Folder being browsed. Anything empty or not starting with '/' falls back to the root folder.
// NOTE(review): '..' segments are not rejected here, unlike the mkdir/rmdir handlers further down;
// presumably read_directory() and the rights checks confine the path. Verify.
$requestpath = @$_GET['path'];
$path_is_absolute = $requestpath && strlen($requestpath) >= 1 && $requestpath[0] == '/';
if (!$path_is_absolute) {
        $requestpath = '/';
}

// Downloads and the hide/unhide/delete tools need the deep file listing and no populate pass;
// every other request gets the opposite pair of flags.
$tool_param = @$_GET['tools'];
$getdeepfiles = (@$_GET['f'] || $tool_param == 'hide' || $tool_param == 'unhide' || $tool_param == 'delete');
$populate = !$getdeepfiles;
23
// Persist a posted folder-rights form before the rights are loaded below.
// NOTE(review): no user_level threshold is tested here; the session level is only handed to
// update_rights(), so that method has to refuse callers without admin rights (the level is
// null for a request that carries no session). Confirm in squasher.class.php.
$rights_form_posted = (@$_POST['formtype'] == 'folderrights');
if ($rights_form_posted && @$_POST['edited_user'] > 0) {
        $squashweb->update_rights($_POST['edited_user'], $_POST['m'], $_SESSION['creds']['user_level']);
}
27
// Load folder rights: -1 (full access) for hash downloads and for levels above 200,
// otherwise the rights of the logged-in user.
// NOTE(review): any request carrying ?f= gets full access here, so the file hash acts as the
// only credential for a download; how guessable that hash is cannot be judged from this file.
$rights_owner = (@$_GET['f'] || $_SESSION['creds']['user_level'] > 200)
        ? -1
        : $_SESSION['creds']['user_id'];
$squashweb->give_rights($rights_owner);
34
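if (@$_GET['f']) {
        // Direct download: resolve the public hash to the stored file path.
        // A non-string value (e.g. ?f[]=x) cannot match any row, so it is treated as an empty hash.
        $f_hash = is_string($_GET['f']) ? $_GET['f'] : '';

        // mysql_real_escape_string() takes the connection charset into account, which
        // mysql_escape_string() does not.
        // NOTE(review): the mysql_* extension is removed in PHP 7; a prepared statement (PDO/mysqli)
        // is the durable fix, but the connection is opened outside this file.
        $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".mysql_real_escape_string($f_hash)."'";
        $f_r = mysql_query($f_q);
        $f_o = $f_r ? mysql_fetch_object($f_r) : false;

        // Unknown hash or failed query: stop here instead of dereferencing a non-object
        // and logging/serving an empty path.
        if (!$f_o) {
                header('HTTP/1.0 404 Not Found');
                exit();
        }

        //log downloads
        log_event('download', $f_o->file, $f_hash);

        // Split the stored path into folder and file name.
        $_hpath_arr = explode("/", $f_o->file);
        $file = array_pop($_hpath_arr); //Remove filename
        $path = implode("/", $_hpath_arr);
        $squashweb->read_single_file($path, $file);
} else {
        //parse folders for readable files
        $squashweb->read_directory($requestpath, true, true, $getdeepfiles, $populate);
}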
52
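// Request dispatcher: exactly one branch runs, selected by ?f= (download) or the 'tools' parameter.
// Thresholds as tested below: user_level > 99 for file/folder tools, > 100 for the admin pages.
// NOTE(review): hide/unhide/delete change state on a GET request and edituser/deluser read
// $_REQUEST; no anti-CSRF token is checked anywhere in this file. Confirm one is enforced
// elsewhere, or add one and restrict these actions to POST.
if (@$_GET['f']) {
        //get the config of requested file
        $request = $squashweb->get_config($_GET['f']);

        // Serve the file as an attachment.
        // NOTE(review): $request[2] (file name) and $request['mime'] are written into the headers
        // as stored. If they originate from uploads, a '"' in the name breaks the quoted filename;
        // consider escaping it and sending "X-Content-Type-Options: nosniff".
        header('Content-Disposition: attachment; filename="'.$request[2].'"');
        header("Content-Type: ".$request['mime']);
        if ($request[3])
                header('Content-Length: '.$request[3]);
        @flush();
        $squashweb->print_files($request['path'], $request[2]);

} elseif (@$_GET['tools']=="hide" && @$_GET['h']) {
        if ($_SESSION['creds']['user_level'] > 99) {
                $request = $squashweb->get_config($_GET['h']);
                // Mode 'x' only creates the marker when it does not exist yet; fopen() returns
                // false otherwise, so the handle is checked before it is written to.
                $handle = fopen(SQUASHER_UPLOADS_DIR.$request['path'].'/'.$request[2].'.hidden', 'x');
                if ($handle) {
                        fwrite($handle, 'hidden by '.$_SESSION['creds']['user_name']);
                        fclose($handle);
                }
                $path=$request['path'];
                // NOTE(review): PHP_SELF can contain client-supplied PATH_INFO; SCRIPT_NAME would be
                // the safer base for this redirect if no URL rewriting depends on PHP_SELF.
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
        }
} elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) {
        if ($_SESSION['creds']['user_level'] > 99) {
                $request = $squashweb->get_config($_GET['h']);
                // Removing the marker file makes the entry visible again; a missing marker is ignored.
                @unlink(SQUASHER_UPLOADS_DIR.$request['path'].'/'.$request[2].'.hidden');
                $path=$request['path'];
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
        }
} elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) {
        if ($_SESSION['creds']['user_level'] > 99) {
                // ?h=multiple takes the list of hashes from the POST body, otherwise ?h is the hash.
                if ($_GET['h'] == "multiple") {
                        // A missing or non-array POST field means there is nothing to delete.
                        $hashes = (isset($_POST['h']) && is_array($_POST['h'])) ? $_POST['h'] : array();
                } else {
                        $hashes = array($_GET['h']);
                }
                // NOTE(review): per-file permission is presumably enforced inside delete_file(),
                // which receives the session credentials. Verify.
                $path = '';
                foreach ($hashes as $h) {
                        // The config is read before the file is deleted so that its folder is
                        // still known for the redirect; the last file's folder wins.
                        $request = $squashweb->get_config($h);
                        $squashweb->delete_file($h, $_SESSION['creds']);
                        $path = $request['path'];
                }
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path);
        }

} elseif (@$_POST['tools']=="mkdir" && isset($_GET['path']) && isset($_POST['newname']) && $_SESSION['creds']['user_level'] > 99) {
        $path = $_GET['path'];
        $newname = $_POST['newname'];
        if (!is_string($path) || !is_string($newname))
                die(); // array-valued parameters are never legitimate here
        $subs = explode('/', $path);
        if (in_array('..', $subs))
                die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
        // The new folder name must be a single path component. Without this check a name such as
        // "../x" passed the '..' test above (which only looks at $path) and let mkdir() create a
        // directory outside the folder the rights check was made for.
        if ($newname === '.' || $newname === '..'
                || strpos($newname, '/') !== false
                || strpos($newname, '\\') !== false
                || strpos($newname, "\0") !== false)
                die();
        if ($squashweb->got_rights_array_admin($path) > 0) {
                umask(002); // don't remove g+w
                mkdir(SQUASHER_UPLOADS_DIR.$path.'/'.$newname);
        }
        header( 'Location: ?path='.$path.'/'.$newname) ;

} elseif (@$_POST['tools']=="rmdir" && isset($_GET['path']) && $_SESSION['creds']['user_level'] > 99) {
        $path = $_GET['path'];
        if (!is_string($path))
                die(); // array-valued parameters are never legitimate here
        $subs = explode('/', $path);
        if (in_array('..', $subs))
                die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
        if ($squashweb->got_rights_array_admin($path) > 0) {
                rmdir(SQUASHER_UPLOADS_DIR.$path);
        }
        // Redirect to the parent of the removed folder.
        array_pop($subs);
        $path=implode("/", $subs);
        header( 'Location: ?path='.$path) ;

} elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) {
        // Folder-rights administration page.
        // NOTE(review): 'user' and 'debug' come straight from the query string; whether admin.tpl
        // escapes them on output is not visible from this file.
        $smarty = get_smarty();

        $smarty->assign('user_level', $_SESSION['creds']['user_level']);
        $smarty->assign('user_name', $_SESSION['creds']['user_name']);
        $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));

        $smarty->assign('edited_user', @$_GET['user']);

        $tree = $squashweb->show_rights_tree($requestpath, 0, @$_GET['user']);

        $smarty->assign('style', $tree['style']);
        $smarty->assign('layout', $tree['layout']);

        $smarty->assign('debug', @$_GET['debug']);
        $smarty->assign('folderrights', $squashweb->folderrights());
        $smarty->assign('userrights', $squashweb->userrights());
        $smarty->display('admin.tpl');

} elseif (@$_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100) {
        // User list page.
        $smarty = get_smarty();

        $smarty->assign('user_level', $_SESSION['creds']['user_level']);
        $smarty->assign('user_name', $_SESSION['creds']['user_name']);
        $smarty->assign('user_id', $_SESSION['creds']['user_id']);

        $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));

        $smarty->assign('debug', @$_GET['debug']);

        $smarty->display('udmin.tpl');

} elseif (@$_REQUEST['tools']=='edituser' && $_SESSION['creds']['user_level'] > 100) {

        $edited_user = @$_REQUEST['edited_user']; // user id
        $users = $squashweb->get_users($_SESSION['creds']['user_level']);
        $u = @$_REQUEST['u']; // new or edited data
        if ($u && is_array($u)) {
                if ($edited_user) {
                        // Only change accounts that get_users() returned for the current admin,
                        // the same guard the deluser branch applies before remove_users().
                        // NOTE(review): unlike the insert path below, the submitted level inside $u
                        // is not restricted for admins below level 200 and update_users() is not
                        // given the caller's level; unless it validates $u itself, a simple admin
                        // could raise an account's level. Verify in squasher.class.php.
                        if (is_string($edited_user) && array_key_exists($edited_user, $users))
                                $squashweb->update_users($u, $edited_user);
                } else {
                        // Simple admin don't have the user_level <tr>. Just set the value for them now:
                        if ($_SESSION['creds']['user_level'] < 200)
                                $u['user_level'] = 55;
                        $squashweb->insert_users($u, $_SESSION['creds']['user_level']);
                }
                header('302 done');
                header('Location: ?tools=users');
        } else {
                // No data submitted: show the edit form, pre-filled when the user id is known.
                $smarty = get_smarty();
                $smarty->assign('user_level', $_SESSION['creds']['user_level']);
                $smarty->assign('user_name', $_SESSION['creds']['user_name']);
                $smarty->assign('user_id', $_SESSION['creds']['user_id']);

                $smarty->assign('users', $users);
                $smarty->assign('edited_user', $edited_user);

                if (array_key_exists($edited_user, $users)) {
                        $user = $users[$edited_user];
                        if (!$user['enabled'])
                                $user['level'] = 0; // disabled accounts are shown as level 0
                        $smarty->assign('u', $user);
                }

                // Only levels above 199 may hand out the admin levels.
                if ($_SESSION['creds']['user_level'] > 199) {
                        $smarty->assign('user_levels', array(55 => 'User', 155 => 'Admin', 255 => 'Super admin', 0 => 'Disabled') );
                } else {
                        $smarty->assign('user_levels', array(55 => 'User', 0 => 'Disabled') );
                }

                $smarty->assign('debug', @$_GET['debug']);
                $smarty->display('edit_user.tpl');
        }

} elseif (@$_REQUEST['tools']=='deluser' && $_SESSION['creds']['user_level'] > 100) {
        $edited_user = @$_REQUEST['edited_user']; // user id
        $users = $squashweb->get_users($_SESSION['creds']['user_level']);
        // Only accounts returned by get_users() for this admin can be removed.
        if (array_key_exists($edited_user, $users))
                $squashweb->remove_users($edited_user);
        header('302 done');
        header('Location: ?tools=users');

} elseif (@$_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
        // Log viewer; the type defaults to 'all'.
        // NOTE(review): $logtype is the raw query-string value; get_logs() has to validate or
        // escape it before using it in a query. Verify.
        $logtype=@$_GET['logtype'];
        if (!$logtype)
                $logtype = 'all';

        $smarty = get_smarty();

        $smarty->assign('user_level', $_SESSION['creds']['user_level']);
        $smarty->assign('user_name', $_SESSION['creds']['user_name']);
        $smarty->assign('logtype', $logtype);
        $smarty->assign('logs', $squashweb->get_logs($logtype));

        $smarty->assign('debug', @$_GET['debug']);
        $smarty->display('logs.tpl');

} else {
        //show overview

        $smarty = get_smarty();
        /***
        *       Numeric fields of each config record:
        *       [0]     ->      versioncode
        *       [1]     ->      date&time
        *       [2]     ->      filename
        *       [3]     ->      filesize
        *       [4]     ->      chunksize
        *       [5]     ->      chunkcount
        *       [6]     ->      CRC32 checksum
        ***/

        $configs_num = $squashweb->get_configs();
        $configs_sorted = named_records_sort($configs_num, 'lastchange', true);

        $configs = array();

        foreach ($configs_sorted as $key => $value) {
                // A file is finished when the per-chunk stats add up to the chunk count.
                $chunks_done = @array_sum($value['stats']);
                $finished = ($chunks_done == $value[5]);
                // 'ideo' matches e.g. "video/..." (offset 1, hence truthy).
                $embedable = strpos($value['mime'], 'ideo') ? true : false;

                $configs[$key] = array(
                        'squashed' => $value['squashed'],
                        'version' => $value[0],
                        // [1] (client-side creation date) is deliberately not exposed
                        'name' => $value[2],
                        'size' => $value[3],
                        'chunk_size' => $value[4],
                        'chunks' => $value[5],
                        'crc' => $value[6],
                        'embedable' => $embedable,
                        'finished' => $finished,
                        'mime' => $value['mime'],
                        'status' => $value['status'],
                        'hidden' => $value['hidden'],
                        'chunks_finished' => $chunks_done,
                );

                if ($finished) {
                        $configs[$key]['chunks_partial'] = $chunks_done;
                } else {
                        // Sum the leading stats up to and including the first one that is not '1.00'.
                        // The key stays unset when there are no stats at all, as before.
                        $partial = null;
                        foreach ($value['stats'] as $sv) {
                                $partial = $partial + $sv;
                                if ($sv != '1.00')
                                        break;
                        }
                        if ($partial !== null)
                                $configs[$key]['chunks_partial'] = $partial;
                }
                $configs[$key]['date'] = date('d.m.y - H:i:s - T', $value['added']);
                $configs[$key]['lastchange'] = date('d.m.y - H:i:s - T', $value['lastchange']);
        }

        //set base folders: one breadcrumb entry per component of the requested path
        $basepath['/'] = 'top';
        $bpath = '';
        foreach (explode('/', $requestpath) as $segment) {
                if ($segment != '') {
                        $bpath .= '/'.$segment;
                        $basepath[$bpath] = $segment;
                }
        }
        $smarty->assign('debug', @$_GET['debug']);
        $smarty->assign('user_level', $_SESSION['creds']['user_level']);
        $smarty->assign('user_name', $_SESSION['creds']['user_name']);
        $smarty->assign('folderrights', $squashweb->folderrights());

        $smarty->assign('squashed', $configs);
        $smarty->assign('base', $basepath);
        $smarty->assign('currentfolder', $requestpath);
        $subs = $squashweb->subfolders();
        if ($subs)
                asort($subs);
        $smarty->assign('subfolders', $subs);

        $smarty->display('index.tpl'); //Display normal template

}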
308 // vim: syntax=php ts=4 sw=4 sts=4 sr noet
309 ?>